Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2006-0252
SQL injection vulnerability in Benders Calendar 1.0 allows remote malicious users to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters.
Benders Calendar Benders Calendar
NA
CVE-2023-47609
SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated malicious user to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.
Oss-calendar Oss Calendar
NA
CVE-2022-4455
A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remot...
Php-calendar Php-calendar
445
VMScore
CVE-2007-0928
Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download an encoded password via a direct request for pwd.txt.
Virtual Calendar Virtual Calendar
383
VMScore
CVE-2017-6485
A Cross-Site Scripting (XSS) issue exists in php-calendar prior to 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script...
Php-calendar Php-calendar
445
VMScore
CVE-2002-1626
Directory traversal vulnerability in Mike Spice My Calendar prior to 1.5 allows remote malicious users to write arbitrary files via .. (dot dot) sequences in a URL.
Mike Spice My Calendar 1.3
Mike Spice My Calendar 1.4
Mike Spice My Calendar 1.1
Mike Spice My Calendar 1.2
Mike Spice My Calendar 1.0
668
VMScore
CVE-2005-4008
SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote malicious users to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters.
Jax Calendar Jax Calendar 1.34
312
VMScore
CVE-2021-24927
The My Calendar WordPress plugin prior to 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
My Calendar Project My Calendar
383
VMScore
CVE-2019-15713
The my-calendar plugin prior to 3.1.10 for WordPress has XSS.
My Calendar Project My Calendar
383
VMScore
CVE-2014-4571
Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.
Vn-calendar Project Vn-calendar
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »